The Need for Secure Coding


A few months ago, I purchased the book “Alice and Bob Learn Application Security” by Tanya Janca. After reading it, I immediately recommended it to our software development team. Security is necessary to protect your systems and your data (keeping it private). Unfortunately, not a lot of CS/IT students are trained in secure coding. Whilst this is definitely not ideal, it is understandable, as students’ class projects are often graded on functionality rather than on security, or even on design (architectural or UI/UX)! However, this does not mean that students need not be trained to code with security and privacy in mind.

A few days ago, the book author’s company, We Hack Purple, provided me with complimentary access to their Secure Coding Course for review. I had completely forgotten about it after signing up. Fortunately, however, I got an email reminder that I had yet to check it — so I did!

The Secure Coding Course is divided into five modules: Introduction to Secure Coding, Secure SDLC & Application Security Program, Secure Coding Basics, PCI DSS — for Devs!, and the OWASP Top Ten and other Common Pitfalls. The course has video, short quizzes, and a discussion area for each topic, which I find really fun to go through (listen to Tanya carefully as she has those quick tips that are very useful).

Overall, the course is a must-take for today’s software developers (whilst it is oriented more towards web application developers, what you learn can be applied to mobile and even desktop applications, since most applications connect to the web one way or another). Whilst the course is very useful, there are a couple of recommendations that I think may improve it.

First recommendation — replace Google’s reCAPTCHA when logging in. Whilst this limits brute-force malicious logins, it is NOT private (because, you know, Google). How about having a password-less login, similar to how does it? Maybe the course can also include tips and tricks on how to do password-less logins.

Another recommendation is to review the subtitles. I am not sure if the subtitles are generated on-the-fly and recorded or generated dynamically, but regardless, the subtitles are not accurate.

Finally, maybe include some actual code examples in addition to the snippets provided in the quizzes. This would surely help developers learn how to actually apply what was discussed.

If you are a member of a software engineering team, or are learning to be a software developer, then I highly recommend that you take this course. It is short, but highly informative.